Comments on Journey Into Incident Response: Linkz for Detection and Response
Blog author: Corey Harrell

Comment by H. Carvey, 2015-01-19T13:51:31.813-05:00:

Corey,

Most of the threat intelligence I see is written by malware RE folks, and detection mechanisms are focused on the network. However, as an incident responder, I'm in a position where I'm responding well after the initial compromise, so I'm interested in those artifacts that are most likely to remain weeks (or months) after the fact. We still need to be able to address things like window of compromise, initial infection vector, and scope if we're going to truly remediate and protect an environment.